Date: Wed, 28 Jan 2009 12:43:39 -0600
From: "David DeSimone" <fox@verio.net>
To: "Len Gross" <sandiegobiker@gmail.com>
Cc: freebsd-net@freebsd.org
Subject: Re: MTU or Fragmentation Problems on 7.0?
Message-ID: <20090128184339.GD2436@verio.net>
In-Reply-To: <27cb3ada0901271801u6d1db9cfhfb953073355db2d2@mail.gmail.com>
References: <27cb3ada0901251009x7a96019am672f8bd42380df90@mail.gmail.com> <20090127064419.GC1284@verio.net> <27cb3ada0901271801u6d1db9cfhfb953073355db2d2@mail.gmail.com>

Len Gross <sandiegobiker@gmail.com> wrote:
>
> I guess it is "good news" that this is a result of "common TCP
> methodology." ;->

It can be good or bad. Just because it's common doesn't mean it always
works. :)

> BTW: The only firewall I've found in this setup is a Linksys WiFi
> Router that connects to a cable modem. Similar setup at a second
> location with a WiFI router to DSL.

Reduced MTU sizes are quite common with DSL setups, and so people using
DSL are most likely to run into these issues.

I should point out that most of the consumer DSL routers such as the
Linksys you mentioned will perform a hack known as "MSS mangling". They
will watch for TCP SYN packets being sent, and if the MSS is larger than
would be supported by the Path MTU, they will change the MSS value to an
acceptable value before forwarding it along. Since this causes the other
endpoint to negotiate a smaller initial MSS, the connection "just works"
in nearly all cases.

This is probably the main reason why there has not been a huge outcry
concerning rampant ICMP filtering breaking Path MTU Discovery.

In fact, you may even want to investigate how you can start doing some
MSS Mangling in your own setup.

> One left over item to ponder. Why does Google work? Do they have a
> packet size smaller than 1450 by "default"?

More likely they use firewalls that forward ICMP traffic correctly, as
that would be required. You should snoop on your BSD1 box to see if
they are sending larger frames and whether your BSD1 box is sending ICMP
responses back to them.

--
David DeSimone == Network Admin == fox@verio.net
  "I don't like spinach, and I'm glad I don't, because if I liked it I'd
  eat it, and I just hate it." -- Clarence Darrow

This email message is intended for the use of the person to whom it has
been sent, and may contain information that is confidential or legally
protected. If you are not the intended recipient or have received this
message in error, you are not authorized to copy, distribute, or
otherwise use this message or its attachments. Please notify the sender
immediately by return e-mail and permanently delete this message and any
attachments. Verio, Inc. makes no warranty that this email is error or
virus free. Thank you.
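
Added example, not part of the original message or of any router's firmware: a Python sketch of the "MSS mangling" step described above, which rewrites the MSS option of a SYN and patches the TCP checksum incrementally (RFC 1624). The function names, the sample addresses and ports, and the 1492-byte path MTU used when exercising it are assumptions made for illustration.

```python
import struct

def fold(s: int) -> int:
    """Fold the carries of a one's-complement sum into 16 bits."""
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def tcp_checksum(src: bytes, dst: bytes, tcp: bytes) -> int:
    """Full TCP checksum over the IPv4 pseudo-header plus segment."""
    data = src + dst + struct.pack("!BBH", 0, 6, len(tcp)) + tcp
    data += b"\x00" * (len(data) % 2)
    return ~fold(sum(struct.unpack(f"!{len(data) // 2}H", data))) & 0xFFFF

def clamp_mss(tcp: bytes, path_mtu: int, ip_hdr_len: int = 20) -> bytes:
    """Lower the MSS option of a SYN/SYN-ACK so a full segment fits path_mtu."""
    limit = path_mtu - ip_hdr_len - 20            # MSS excludes IP and TCP headers
    hdr_len = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0
    if not 20 <= hdr_len <= len(tcp) or not tcp[13] & 0x02 or limit <= 0:
        return tcp                                # not a SYN, or nothing sane to do
    seg, i = bytearray(tcp), 20
    while i < hdr_len:
        kind = seg[i]
        if kind == 1:                             # No-Operation padding byte
            i += 1
            continue
        if kind == 0 or i + 1 >= hdr_len or seg[i + 1] < 2 or i + seg[i + 1] > hdr_len:
            break                                 # end of list or malformed: leave as is
        if kind == 2 and seg[i + 1] == 4:         # Maximum Segment Size option
            old = struct.unpack_from("!H", seg, i + 2)[0]
            if old > limit:
                start = (i + 2) & ~1              # value is odd-aligned after one NOP
                fmt = "!H" if start == i + 2 else "!2H"
                before = struct.unpack_from(fmt, seg, start)
                struct.pack_into("!H", seg, i + 2, limit)
                after = struct.unpack_from(fmt, seg, start)
                s = ~struct.unpack_from("!H", seg, 16)[0] & 0xFFFF
                for m, m2 in zip(before, after):  # RFC 1624: HC' = ~(~HC + ~m + m')
                    s = fold(s + (~m & 0xFFFF) + m2)
                struct.pack_into("!H", seg, 16, ~s & 0xFFFF)
            break
        i += seg[i + 1]
    return bytes(seg)

def sample_syn(options: bytes, src: bytes, dst: bytes) -> bytes:
    # Constructed SYN (ports 40000 -> 80, assumed values) with a valid checksum.
    off = (20 + len(options)) // 4 << 4
    seg = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, off, 0x02, 65535, 0, 0) + options
    return seg[:16] + struct.pack("!H", tcp_checksum(src, dst, seg)) + seg[18:]
```

Running `tcp_checksum` over a segment whose checksum field is already filled in returns 0 when the checksum is valid, which is how the rewritten SYN can be checked.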